CySA+ Study Notes 21

Question 1

enterprise management software used to mediate access to cloud services by users across all types of devices.

Some functions of ??? : SSO and enforce access controls and authorizations, scan for malware and rogue or non-compliant device access, monitor and audit user and resource actions, mitigate data exfiltration by preventing access to unauthorized cloud services from managed devices.

Answer 1

CASB

Question 2

forward proxy (forwards traffic to cloud network if contents of that traffic comply w/policy - proxy can inspect all traffic in real time), Reverse Proxy : directs traffic to cloud services if traffic comply w/policy, and API.

Answer 2

CASB (in general has 3 modes)

Question 3

allows consumers to automate services, can create virtual instances to authentication and log monitoring and analysis. Should be used over HTTPS.

Answer 3

API

Question 4

To invoke API client must submit credential, to access confidential data this process should be secure authentication/authorization like SAML or OAuth/ODIC. Do not embed key in source code but store key on client. Dont allow full control only authorizations for what is necessary. Delete Keys if they become unused.

Answer 4

API Info

Question 5

open-source python tool to audit instances and policies created on multicloud platforms like Amazon Web Services, Microsoft Azure and Google Cloud Platform.

Answer 5

ScouteSuite

Question 6

audit tool for AWS only and can evaluate CIS benchmarks for AWS and GDRP and HIPAA compliance checks.

Answer 6

Prowler

Question 7

for exploitation framework to test security configs of AWS account.

Answer 7

Pacu